When a security issue is reported, emails to security users is sent with the
content. I think we should provide a better way to warn security user than
sending clear text email because it can lead to a disclosure.
My first idea is to just send an email with the link to the issue instead of the
content.